difficulty: 🩸🩸 rank: 18 writeup: rev(1)
Shiftycode ( 🩸🩸 481 pt, 11 solve )
TL;DR : simple vm
The vmcode file bin and binary shiftycode are given,
Seeing the decompile code, It read the vm codes from the filename in command line argument.
And execute the vm codes
https://github.com/snwox/ctf-writeup/blob/master/2022/HackPack/Shiftycode/get_vmcode.py
I copied the part that runs the vm code in decompiled code,
and I changed the C code to Python little by little
-hack-d6d50/Untitled.png)
on the 108th, 117th line, those are Condition Statement which exit when I input wrong FLAG in ar
But if I annotate the above two lines, I can see the full opcodes.
-hack-d6d50/Untitled%201.png)
ar[0]~ar[26] is user input
-hack-d6d50/Untitled%202.png)
-hack-d6d50/Untitled%203.png)
-hack-d6d50/Untitled%204.png)
-hack-d6d50/Untitled%205.png)
I input correct flag in ar, so the flags will be always False.
So all the Condition Statement can be passed
Annotating the two Condition Statement,
I can see all the Flag comparing opcode and Condition.
Input all the conditions in z3, I can get the flag
https://github.com/snwox/ctf-writeup/blob/master/2022/HackPack/Shiftycode/z3-solve.py